In the aftermath of Path’s well-publicized privacy issues, many people began looking at how other applications were using address book data. The goal was of course two-fold. On the one hand, researchers wanted to be able to determine which apps were taking data unprompted. On the other hand, some researchers jumped the gun and made false accusations to get their name out there. Normally, blogs would investigate the matter on their own and verify the results. This did not happen.
Specifically, Cult of Mac didn’t verify data it reported as fact for a report they published about Hipster, the mobile photo sharing application. Instead of verifying it, they immediately published the report and stated that Hipster was “doing the same thing as Path”. This turns out to be false.
I spoke with Hipster CEO Doug Ludlow today, and he told me what the truth of the matter is. He made it clear that Hipster does not store the data from address books on their servers. While address book data is sent to Hipster’s servers, it is not stored. (Of course, it would be impossible for Cult of Mac to know this, but they could have asked.) Rather, Hipster temporarily uploads the data and then checks it against the existing user base. Once this check is done, the address book is erased and the suggested user list is returned to the user. Ludlow says that it would be great if they could ‘nuke’ the data like Path, but since they don’t store it, they can’t.
The one problem Hipster runs into, though, is how it deals with sending the data. Hipster allows users to look for friends on the network via Facebook, Twitter, and, yes, with the address book. It provides options to enable these choices, and the address book option is set to ‘on’ by default. Ludlow explained to me that this was not done out of a desire to grab data quickly, and recant when caught. Rather, Ludlow said, “Don’t attribute to malice what should be attributed to incompetence”.
Of course, many users won’t agree with this assertion, and will instead see this as another startup misappropriating data. Ludlow wants to negate these feelings, and spelled out what steps they will take to remedy the issue. First, they’ve sent an update to the App Store changing the default for the address book (should be available by Friday). Next, they will lay out the details of all future app changes and fully explain the privacy implications. Finally, the Hipster iPhone app will now fully explain what the application is doing with user data – a feature already present in the Hipster Android app.
What this really shows us is that not all applications are created equally. Data transmissions can be confusing with the full story, and not all startups are stealing the data of users without their consent. Sometimes, mistakes are made, and simple design decisions can be mistaken for evil. Keep this in mind as more startups announce that they will be changing how they use user data, and as more accusations start to fly.